From cf53abbf056d419202c174da43c0c04bba0eb525 Mon Sep 17 00:00:00 2001
From: Johnothan King <johnothanking@protonmail.com>
Date: Thu, 22 Feb 2024 17:13:29 -0800
Subject: [PATCH] Fix here-document crash/hangup on Solaris/illumos in
 interactive shells (#721)

This was first reported in https://github.com/att/ast/issues/1472.
Attempting to cancel a heredoc with ^C or ^D can cause ksh to crash
with a segfault, or hang up and fill /tmp with files. Copy of the
reproducer:
   $ cat << EOS
   > <Press Ctrl+C or Ctrl+D>

src/cmd/ksh93/sh/main.c:
- Reset the lexer state in an interactive shell if here-document
  creation was cancelled. This patch has been adapted from Solaris:
  https://github.com/oracle/solaris-userland/blob/e478b48/components/ksh93/patches/400-29444429.patch
---
 NEWS                       |  3 +++
 src/cmd/ksh93/sh/main.c    | 14 ++++++++++++++
 src/cmd/ksh93/tests/pty.sh | 16 ++++++++++++++++
 3 files changed, 33 insertions(+)

diff --git a/NEWS b/NEWS
index c5161b2badd7..9e65d72827ec 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,9 @@ Uppercase BUG_* IDs are shell bug IDs as used by the Modernish shell library.
 
 - Fixed some integer overflows that could occur when using TMOUT.
 
+- Fixed a crash on Solaris and illumos when cancelling a here-document
+  with ^C or ^D in an interactive shell.
+
 2024-02-17:
 
 - Fixed a crash that could occur when using 'typeset -T' typed variables
diff --git a/src/cmd/ksh93/sh/main.c b/src/cmd/ksh93/sh/main.c
index 81cf986ef29f..01f3720d61bf 100644
--- a/src/cmd/ksh93/sh/main.c
+++ b/src/cmd/ksh93/sh/main.c
@@ -453,6 +453,20 @@ static void	exfile(Sfio_t *iop,int fno)
 			while(top=sfstack(iop,SF_POPSTACK))
 				sfclose(top);
 		}
+		/*
+		 * Reset the lexer state and make sure the heredocs file is
+		 * closed and set to NULL. For now we only do this when we get
+		 * here in an interactive shell and we have a leftover heredoc.
+		 */
+		if(sh_isstate(SH_INTERACTIVE) && jmpval==SH_JMPERREXIT && sh.heredocs)
+		{
+			Lex_t *lp;
+			sfclose(sh.heredocs);
+			sh.heredocs = NULL;
+			lp = (Lex_t*)sh.lex_context;
+			lp->heredoc = NULL;
+			sh_lexopen(lp,0);
+		}
 		/* make sure that we own the terminal */
 		tcsetpgrp(job.fd,sh.pid);
 	}
diff --git a/src/cmd/ksh93/tests/pty.sh b/src/cmd/ksh93/tests/pty.sh
index 86c6ace79972..cc06192067ac 100755
--- a/src/cmd/ksh93/tests/pty.sh
+++ b/src/cmd/ksh93/tests/pty.sh
@@ -1322,5 +1322,21 @@ c \Ek
 r ^:prompt: "\$SHELL" -o vi -c 'read -s "foo\?:prompt: "'$
 !
 
+tst $LINENO <<"!"
+L crash when attempting to cancel a heredoc in an interactive shell
+# https://github.com/ksh93/ksh/pull/721
+
+d 40
+p :test-1:
+w "$SHELL"
+p :test-2:
+w cat << EOS
+p :test-3:
+w \cD
+p :test-4:
+w print Exit status $?
+u ^Exit status 0\r\n$
+!
+
 # ======
 exit $((Errors<125?Errors:125))